@mkleene mkleene commented Apr 18, 2024

  • Add `auth.enforceDPoP`. Enabling this setting tells the auth middleware to accept tokens that do not have a `cnf` claim as valid. Since having DPoP or not is a property, this config goes along with each issuer.
  • Change the return of `checkToken` to return a context that has the right stuff in it, so that we don't have to validate that something that came back without an error is non-nil.
  • Make it possible to disable auth on rewrap. Currently we can't because we require there be a DPoP JWK.

addresses #566
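
A per-issuer check of the kind this setting controls, as an added example that is not code from this PR or from opentdf/platform. `IssuerPolicy`, `ECJWK`, `CheckBinding` and the issuer URL are hypothetical, and the example assumes the semantics the setting's name suggests: with enforcement on, a token without `cnf.jkt` is rejected, and a token that does carry `cnf.jkt` is always checked against the DPoP proof key.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
)

// IssuerPolicy is a hypothetical per-issuer setting modelled on auth.enforceDPoP.
type IssuerPolicy struct{ EnforceDPoP bool }

// ECJWK holds the required members of an EC public JWK (base64url coordinates).
type ECJWK struct{ Crv, X, Y string }

// Thumbprint returns the RFC 7638 SHA-256 thumbprint, the value DPoP puts in cnf.jkt.
func (k ECJWK) Thumbprint() string {
	canon := fmt.Sprintf(`{"crv":"%s","kty":"EC","x":"%s","y":"%s"}`, k.Crv, k.X, k.Y)
	sum := sha256.Sum256([]byte(canon))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

var (
	ErrUnknownIssuer = errors.New("issuer not configured")
	ErrMissingCnf    = errors.New("issuer enforces DPoP but token has no cnf.jkt")
	ErrBadProof      = errors.New("DPoP proof missing or key does not match cnf.jkt")
)

// CheckBinding runs after signature validation. cnfJKT is the token's cnf.jkt
// ("" if absent); proofKey is the key from the DPoP proof (nil if none was sent).
func CheckBinding(policies map[string]IssuerPolicy, iss, cnfJKT string, proofKey *ECJWK) error {
	p, ok := policies[iss]
	switch {
	case !ok: // fail closed for issuers that have no policy
		return ErrUnknownIssuer
	case cnfJKT == "" && p.EnforceDPoP:
		return ErrMissingCnf
	case cnfJKT == "": // plain bearer token, allowed for this issuer
		return nil
	case proofKey == nil || subtle.ConstantTimeCompare([]byte(proofKey.Thumbprint()), []byte(cnfJKT)) != 1:
		return ErrBadProof
	}
	return nil
}

func main() {
	policies := map[string]IssuerPolicy{"https://idp.example": {EnforceDPoP: true}}
	fmt.Println(CheckBinding(policies, "https://idp.example", "", nil))
}
```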

@mkleene mkleene changed the title from "Make dpop optional" to "feat(sdk): make enforcement of DPoP optional" Apr 18, 2024
@mkleene mkleene marked this pull request as ready for review April 19, 2024 14:17
@mkleene mkleene requested review from a team as code owners April 19, 2024 14:17
@dmihalcik-virtru dmihalcik-virtru left a comment

Optional improvement to encourage upgrading to new config

@mkleene mkleene requested review from a team as code owners April 23, 2024 17:05
@mkleene mkleene added this pull request to the merge queue Apr 23, 2024
Merged via the queue into main with commit 028064c Apr 23, 2024
@mkleene mkleene deleted the make-dpop-optional branch April 23, 2024 18:25
github-merge-queue bot pushed a commit that referenced this pull request Apr 26, 2024
🤖 I have created a release *beep* *boop*
---


## [0.2.0](service/v0.1.0...service/v0.2.0) (2024-04-26)


### Features

* **policy:** move key access server registry under policy ([#655](#655)) ([7b63394](7b63394))
* **provisioning:** Keycloak provisioning from custom config ([#573](#573)) ([f9e9d72](f9e9d72))
* **sdk:** make enforcement of DPoP optional ([#617](#617)) ([028064c](028064c))


### Bug Fixes

* **core:** remove unused db argument ([#653](#653)) ([cfbd168](cfbd168))
* **db:** invalid uuid error message ([#633](#633)) ([c8f61aa](c8f61aa))
* **sdk:** this (`enforceDPoP`) flag needs to be flipped ([#649](#649)) ([dd65db1](dd65db1))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>
Co-authored-by: jakedoublev <[email protected]>
tech-guru42 added a commit to tech-guru42/TDF that referenced this pull request Jun 3, 2024
passion-127 added a commit to passion-127/TDF that referenced this pull request Jun 6, 2024